Computer compromised or coincidental to hotmail account being hijacked & virus found?

Hello and thanks in advance for your time and help


A few weeks ago, my hotmail email account was hijacked and someone changed the password. I found this odd and did a full scan of my computer with AVG free and found nothing (I keep it updated regularly). Then I did a full scan with MalwareBytes and it found multiple things which surprised me as I try and scan every download with AVG before opening them. Anyway, I must have messed up as somehow I ended up with trojans and virus on my computer. I still have the Mbam report log from that scan that found problems.
In the meantime, I switched to an older computer I had that I knew was not infected and forgot about my main computer as my priority was to try and recover my hotmail account as that had years of work on it. Thats now a lost cause and I am ready to go back to my main computer. But before I do that, I want to be sure that there are not any backdoor trojans, keyword loggers or anything else left on there as I have spent well over 100 hours dealing with new passwords, updating all related accounts yada, yada. I want to be sure that computer is safe before I begin using it again.

What should I do to be 100% certain, or as best as possible, to be sure that machine is now safe to use? I re-scanned it with Mbam and it came up clean. I believe I also ran AVG on it again; Trendmicro and Panda software online scans as well. I tried to run Dr Web, but their website was crashing when I tried to download the latest version of it. I am not 100% sure what I have or have not actually run since I am brain fried from all the other stuff I have done trying to regain my email account.

Lets assume I did nothing and start as if I am actually infected.

Can someone please guide me through the steps to make sure my computer is free of malware, viruses, backdoors, keyword loggers and the like? I am not sure if the hacker got into my hotmail account by hacking my computer or if he hacked into hotmail itself, but the timing of it combined with the Mbam report of malware found, is suspicious enough to make me think that my computer may have been compromised and thats how he gained my password.


Thanks for the help!

Phil

 

Re: Computer compromised or coincidental to hotmail account being hijacked & virus fo

Hi Tim

Thanks for the help. After running SUPERANTISPYWARE, upon reboot, my computer had difficulty bringing up my desktop screen. It would show nothing and I would turn the monitor on and off. I would get a message of “monitor is working, but no signal, check input”. I unplugged and replugged the monitor cable about 4 times, switching between input 1 and 3 several times. (I have a quad capable monitor system and have split cable set up on each input cable). Nothing would show up on the monitor, even though that was the same plug in I had always used. I know it is not a problem with the monitor as I plugged in my other computer and used the same monitor and cables and the monitor worked fine.
Eventually, I got it to show me a monitor, but windows would not reboot and show the desktop. I was given a message that windows did not restart properly and it gave me options of starting in safe mode etc. I chose safe mode with networking to see what it would do and it showed me my desktop. I then turned the computer off and rebooted several times. Again, no desktop showed, nor did it give me the option of choosing safe mode etc. I then unplugged the monitor cable and switched between channel 1 and into channel 3 (which is the one I always had used). This time the desktop showed up fine and I was able to get online and continue to the MBAM scan.

I tried to run combofix, but forgot to disable AVG free 9.0, so it gave me a message it couldn’t run with AVG loaded. I then went to disable AVG and couldn’t find what to do from the interface, so I ran ccleaner to uninstall it. Rebooted, had a momentary problem with the monitor not showing the desktop again. Unplugged and re-plugged the cable and the desktop showed up.
Double clicked combofix and it started to run. I saw the tiny box pop up in the middle of my desktop, the green bars increase along the bottom of the tiny box and a window for combofix show up in the taskbar. Then the green bars went away and the “tiny box” disappeared, as well as the window for combofix in the taskbar. Waited a minute or so and nothing appeared to be happening. So I double clicked combofix again and the same pattern started. I wonder now if combofix was still running from the first time I double clicked it, but it wasn’t giving me any indication it was actually running behind the scenes.
I noticed that even though I told ccleaner to uninstall AVG, that there was still an icon in my toolbar for AVG, so I tried to run ccleaner to uninstall it again and got a message that AVG was not installed. Found that weird as there was still an icon there, so I rebooted, saw the icon still there and decided to try again. Combofix will not run.
Ok, ran an uninstaller from AVG and totally got rid of AVG, then tried combofix again and it ran. It asked me to download the windows recovery console, popped a few windows up for me to accept and at one point Zonealarm asked permission to allow access and I chose yes. Combofix then ran and generated a report. I never saw any windows showing what stage combofix was at (as per the screen shots on the “how to use combofix” page).

After running MGTools I never saw the command Prompt window that had the image "GetLogs-Final.jpg" like the instructions said so I looked online for others having the same problem and thought I found the solution by running getlogs.bat Well, I double clicked that and for a micro second, what looked like a command window opened up and that was it. Nothing else happened and no logs to be found anywhere. Shut down the computer and then tried to get into safe mode, but had the problem again with my desktop not showing up. Shut down again and just kept hitting f8 constantly, hoping it would boot into safemode. It wouldn’t. Shut down again, and plugged in the cables for my 2nd monitor. (each cable to the computer has a splitter on it so I can run 4 monitors ie 1 and 4 on one plug in, 2 and 3 on the other. Monitor 3 is set as my primary monitor. Well, this time I plugged in monitor 3 and monitor 1 and turned on both monitors. Monitor one now showed my desktop and I was able to get into safemode before the desktop came up. I then ran MGtools from safemode and the window popped up asking if I wanted to allow Hijackthis to run. I clicked twice on I accept and it ran and generated the zip file with logs.



At this time the only known problem I can see is the oddity of my main monitor not showing my desktop most of the time when I turn my computer on, or reboot. When windows shuts down for a reboot, I can hear the monitor turn off, like it has lost signal connection to the computer. The green light on the monitor which indicates it is energized/working goes from green to yellow and I can hear a sound like the energy is leaving the monitor or like it is degaussing. I wait long enough for windows to have rebooted and still no sign that the monitor is working. So I push in the power button and it goes from yellow to active green and I am shown not my desktop but a message saying “monitor working, no signal”. So then I have to fart around with unplugging and replugging in the monitor cable into the back of the computer. Sometimes this works, sometimes not. I would say this is not a problem in the monitor itself as I can plug in my old computer and use the same monitor and it starts right up, no problems. Any ideas on that?


Thanks again for the speedy and thorough help!

Phil

PS See next post for MGTOOLS log

 

Re: Computer compromised or coincidental to hotmail account being hijacked & virus fo

Posting the MGTOOLS log here, as well as the original MBAM log from the first time I ran it. That was a few days prior to contacting MajorGeeks for help when I realized I might be infected with something. I am also including a log file from SAS, which I ran before receiving your first reply and details on how to go about clearing my computer per the standard steps. Figured since they both cleared out some malware, it would be good to see what they caught in their scans.

 

Re: Computer compromised or coincidental to hotmail account being hijacked & virus fo

Thanks Tim!